+1 I found your question very interesting, I saw another article - androidpolice.com/2011/03/01/… mention that the malware apps are able to root the phone and even install a backdoor. What if it is able to change the image on the ROM in the phone, then performing a factory reset will be useless since the image is not the original and so the backdoor will still be there. Are there other solutions to ensure that the image is not manipulated?
– Jack Oct 31 '12 at 1:32

2 Answers
2

For that/those particular piece(s) of malware, the answer is probably yes.

A factory reset cannot always undo rooting, but that is normally due to the more "invasive" methods used for a few hard-to-root devices, and not a simple common exploit like the ones probably used in these rogue apps.

A factory reset should also wipe out installed apps (including the malicious ones) or, if they're stored on the SD card or something, at least reduce them to uninstalled apps just sitting there -- and they can't do anything unless the user reinstalls them.

Factory resets may leave the /system partition intact, however, and any malware could theoretically have replaced system binaries with malicious versions or something along those lines. I haven't heard of malware that does this, but to be on the safe side you would want to re-flash your ROM and not just do a factory reset.

Is a factory reset an uneditable image on the phone (similar to what ChromeOS does)? How does it work?
– JasCav Mar 2 '11 at 17:47

Yes, I believe so. Theoretically I suppose this image could be deleted or something with root privileges. It would be complicated for malware to edit it, and it would gain nothing by deleting it (user will just flash their phone or return it or something), so that's not something I would personally worry about.
– Matthew Read♦ Mar 2 '11 at 18:43

I recently re-flashed my ROM. It does leave the /system/ directory intact. You should definitely format the /system/.
– sybind Jul 12 '13 at 1:07

Adding to what Matthew Read stated, it most likely will not unroot, but on top of that, it will not stop the damage that it has already done with your contacts or data. I mean if it collected contact data and personal passwords etc. then you need to start changing passwords and all that good stuff.

Definitely agree, and understand this. I was just wondering if it would stop further damage (which Matthew Read answered pretty well). Basically, I didn't know if there was a way the trojan could install itself in such a way that a factory reset WOULDN'T remove it. (I don't know exactly how factory resets work - is it an uneditable image within the phone? Something else?)
– JasCav Mar 2 '11 at 17:46